skills/marcioaltoe/skills/triage/Gen Agent Trust Hub

triage

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from an issue tracker, including issue bodies, comments, and pull request diffs. This creates an indirect prompt injection surface where a malicious reporter could attempt to manipulate the agent's triage logic or state machine transitions.
      • Ingestion points: SKILL.md (Step 1: Gather context) reads full issue/PR content, including comments and author data.
      • Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings for the external content.
      • Capability inventory: The skill can post comments to the issue tracker, apply labels, close issues, and modify local files in the .out-of-scope/ directory.
      • Sanitization: No explicit sanitization or validation of the external content is required before the agent evaluates it.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md (Step 3: Verify the claim) explicitly direct the agent to 'reproduce it from the reporter's steps' for bugs and 'run the relevant tests or commands' for PRs. This pattern of executing instructions or scripts provided by untrusted external users constitutes a significant risk for arbitrary command execution.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 22, 2026, 11:03 AM